This paper develops a methodology for analyzing and predicting the impact category of malicious code, particularly email worms. The current paper develops two frameworks to classify email worms based on their detrimental impact. The first framework, the Total Life Impact (TLI) framework is a descriptive model or classifier to categorize worms in terms of their impact, after the worm has run its course. The second framework, the Short Term Impact (STI) framework, allows for prediction of the impact of the worm utilizing the data available during the early stages in the life of a worm. Given the classification, this study identifies the issue of how well the STI framework allows for prediction of the worm into its final impact category based on data that are available in early stages as well as whether the predicted value from Short Term Impact framework valid statistically and practically. © 2007 Elsevier B.V. All rights reserved.
Insu Park, Raj Sharman, H. Raghav Rao, Shambhu J.